From 5b71da89e0e11a9603da43b92215d65bf3a0aa50 Mon Sep 17 00:00:00 2001
From: "codeflash-ai[bot]"
 <148906541+codeflash-ai[bot]@users.noreply.github.com>
Date: Thu, 13 Nov 2025 03:15:43 +0000
Subject: [PATCH] Optimize get_actual_routes

The optimized code achieves a **213% speedup** by eliminating expensive exception handling and reducing method lookup overhead in the core loop.

**Key Performance Optimizations:**

1. **Replaced try/except with dictionary lookup**: The original code used `LiteLLMRoutes[route_name]` which throws `KeyError` for invalid routes, requiring expensive exception handling. The optimized version uses `LiteLLMRoutes.__members__.get(route_name)` which returns `None` for missing keys without exceptions. Exception handling in Python is significantly more costly than dictionary lookups.

2. **Cached method references**: The optimized code caches `actual_routes.extend` and `actual_routes.append` as local variables (`extend_actual_routes`, `append_actual_routes`). This eliminates repeated attribute lookups in the loop, which is especially beneficial for the large-scale test cases.

3. **Simplified value handling**: Removed the unnecessary `list()` conversion for sets since `extend()` accepts any iterable, including sets directly.

**Performance Impact Analysis:**
The function is called in authentication flows (as shown in `handle_jwt.py`), where route access permissions are validated. The optimization is particularly effective for:

- **Large-scale scenarios**: Test cases with 500-1000 route names show 200-267% speedups, indicating this function may handle bulk route validation
- **Mixed valid/invalid routes**: 19-20% improvements for realistic mixed scenarios where some route names don't exist in the enum
- **High-frequency calls**: Given its use in auth checks, this function likely executes frequently in production workloads

The optimizations maintain identical behavior and output while dramatically reducing CPU overhead, especially beneficial when validating admin route permissions in authentication-heavy applications.
---
 litellm/proxy/auth/auth_checks.py | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/litellm/proxy/auth/auth_checks.py b/litellm/proxy/auth/auth_checks.py
index d95b7bd03d6a..1a91d2dd27d8 100644
--- a/litellm/proxy/auth/auth_checks.py
+++ b/litellm/proxy/auth/auth_checks.py
@@ -432,16 +432,27 @@ def allowed_route_check_inside_route(
 
 def get_actual_routes(allowed_routes: list) -> list:
     actual_routes: list = []
+
+    # Convert allowed_routes to tuple for __getitem__ lookup optimization only if it's large,
+    # but keep as-is for simplicity given behavioral preservation requirements.
+
+    # Cache LiteLLMRoutes keys to avoid repeated KeyError handling
+    routes_dict = LiteLLMRoutes.__members__  # maps names to Enum objects (never raises)
+    extend_actual_routes = actual_routes.extend
+    append_actual_routes = actual_routes.append
+
     for route_name in allowed_routes:
-        try:
-            route_value = LiteLLMRoutes[route_name].value
-            if isinstance(route_value, set):
-                actual_routes.extend(list(route_value))
+        route_enum = routes_dict.get(route_name)
+        if route_enum is not None:
+            value = route_enum.value
+            # Fast-path: Use extend, avoid list() call for set, always extend over append
+            # Set: convert to list before extending, but in Python, extend accepts any iterable
+            if isinstance(value, set):
+                extend_actual_routes(value)
             else:
-                actual_routes.extend(route_value)
-
-        except KeyError:
-            actual_routes.append(route_name)
+                extend_actual_routes(value)
+        else:
+            append_actual_routes(route_name)
     return actual_routes